Language Selection

English French German Italian Portuguese Spanish

WireGuard Lands In Net-Next While It Waits For Inclusion In Linux 5.6

Filed under
Linux

The WireGuard secure VPN tunnel kernel code has landed in net-next! This means that -- barring any major issues coming to light that would lead to a revert -- WireGuard will finally reach the mainline kernel with the Linux 5.6 cycle kicking off in late January or early February!

Quick action overnight surprisingly saw WireGuard already land in net-next. It was just last night before sleeping that I wrote of the latest patch review for WireGuard and its prospects for Linux 5.6 after being just too late for Linux 5.5.

Read more

Also: WireGuard VPN is a step closer to mainstream adoption

At long last, WireGuard VPN is on its way into Linux

  • At long last, WireGuard VPN is on its way into Linux

    How much are people looking forward to WireGuard, the new in-kernel Linux virtual private network (VPN)? Well, Linus Torvalds said, "Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."

    If that sounds like damning with faint praise, you don't know Torvalds. For him, this is high praise. WireGuard has now been committed to the mainline Linux kernel. While there are still tests to be made and hoops to be jumped through, it should be released in the next major Linux kernel release, 5.6, in the first or second quarter of 2020.

WireGuard VPN Is On Its Way To Linux

  • WireGuard VPN Is On Its Way To Linux

    WireGuard has now been committed to the mainline Linux kernel. "While there are still tests to be made and hoops to be jumped through, it should be released in the next major Linux kernel release, 5.6, in the first or second quarter of 2020," reports ZDNet

WireGuard VPN is a step closer to mainstream adoption

  • WireGuard VPN is a step closer to mainstream adoption

    As of this morning, Linux network stack maintainer David Miller has committed the WireGuard VPN project into the Linux "net-next" source tree. Miller maintains both net and net-next—the source trees governing the current implementation of the Linux kernel networking stack and the implementation of the next Linux kernel's networking stack, respectively.

    This is a major step forward for the WireGuard VPN project. Net-next gets pulled into the new Linux kernel during its two-week merge window, where it becomes net. With WireGuard already a part of net-next, this means that—barring unexpected issues—there should be a Linux kernel 5.6 release candidate with built-in WireGuard in early 2020. Mainline kernel inclusion of WireGuard should lead to significantly higher uptake in projects and organizations requiring virtual private network capability.

WireGuard VPN For Linux Is Finally Ready For Launch

  • WireGuard VPN For Linux Is Finally Ready For Launch

    For several years, developers have been working on WireGuard VPN for Linux and now it is finally ready to arrive on the platform.

    Linus Torvalds, the creator of Linux himself praised the new in-kernel Linux VPN, calling it a “work of art” in comparison to other VPNs such as OpenVPN and IPSec (referring to them as horrors).

Ubuntu 20.04 LTS Might Still End Up Shipping With WireGuard

  • Ubuntu 20.04 LTS Might Still End Up Shipping With WireGuard Support

    There are early discussions going on over the possibility of shipping WireGuard support in Ubuntu 20.04 LTS that could be done either using the existing DKMS kernel module or patching their Linux 5.5-based kernel with WireGuard now that the necessary crypto API changes made it into that release.

    Part of the unfortunate aspect of not having WireGuard merged for Linux 5.5 due to the timing of the merge window is that it unfortunately misses the mark for Ubuntu 20.04 LTS but is already in net-next for Linux 5.6. With Linux 5.5 being out in late January or early February, this will almost definitively be the kernel powering this next Ubuntu Long-Term Support release as Linux 5.6 would cut simply too close to the April launch date for the LTS distribution.

WireGuard to be merged with Linux net-next tree

  • WireGuard to be merged with Linux net-next tree and will be available by default in Linux 5.6

    On December 9, WireGuard announced that its secure VPN tunnel kernel code will soon be included in Linux net-next tree. This indicates, “WireGuard will finally reach the mainline kernel with the Linux 5.6 cycle kicking off in late January or early February!”, reports Phoronix.

    WireGuard is a layer 3 secure networking tunnel made specifically for the kernel, that aims to be much simpler and easier to audit than IPsec.

    On December 8, Jason Donenfeld, WireGuard’s lead developer sent out patches for the net-next v2 WireGuard. “David Miller has already pulled in WireGuard as the first new feature in net-next that is destined for Linux 5.6 now that the 5.5 merge window is over,” the email thread mentions.

    While WireGuard was initiated as a Linux project, its Windows, macOS, BSD, iOS, and Android versions are already available. The reason behind the delay for Linux was that Donenfeld disliked Linux’s built-in cryptographic subsystem citing its API is too complex and difficult.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Programming Leftovers

  • Ravgeet Dhillon: Offline Toast notification in Nuxt/Vue app

    We have often seen apps telling us that “You are offline. Check your network status.”. It is not only convenient to do so but adds to a great UX. In this blog, we will look at how can we display a toast notification in a Nuxt/Vue app whenever the user goes offline or online. This will also help us to understand how to use computed and watch properties together. [...] Hurray! Our toast notifications are working perfectly fine. So using the combined magic of computed and watch properties, we can create outstanding workflows and take our Nuxt/Vue app to next level. If you any doubts or appreciation for our team, let us know in the comments below. We would be happy to assist you.

  • Stephen Michael Kellat: Leveraging LaTeX In This Time

    From time to time I like to bring up fun adventures in LaTeX. In these stranges times in the United States it is important to look at somewhat practical applications beyond the normal reports and formal papers most people think of. With a Minimum Working Example we can mostly look at an idea. The Comprehensive TeX Archive Network has a package known as newspaper which is effectively subject to nominative determinism. You can make things with it that look like newspapers out of the 1940s-1960s in terms of layout. The page on CTAN shows nice examples of its use and provides a nice story as to why the package was created. The example source file on CTAN has a bug in it, though. We're going to make a new one based on it. I am also going to add but not yet utilize the markdown package to the example.

  • 2021.03 Course Topped – Rakudo Weekly News

    The course of the Raku Programming Language by Andrew Shitov made it to the top 20 of Hacker News and spurred quite a few comments. The first associated Grant Report was also published.

  • GCC 11 Is On The Final Stage Of Development With 60+ High Priority Regressions - Phoronix

    GCC 11 entered its final stage of development today as it works towards releasing around the end of Q1 / early Q2 if their past cadence holds up. Before GCC 11.1 can debut as the first stable version, there are some 60+ "P1" high priority regressions that need to be resolved or otherwise demoted to lesser priority regressions. GCC 11 release manager Richard Biener this morning announced GCC 11 is now in stage four development meaning only regression fixes and documentation fixes are allowed. As of this morning the code-base is at 62 P1 regressions, another 334 P2 regressions, 35 P3 regressions, and more than 200 regressions of the lower P4/P5 status.

Devices: Xtra-PC, Arduino and Inventor Coding Kit

  • Xtra-PC Reviews – Best Linux USB-Stick? - Product Review by Rick Finn

    The Xtra-PC Linux USB-Stick might be your solution if you have problems with your old and slow PC. It's a small flash drive stick and it's using Linux OS to boost you PC's operations. Check out now.

  • Arduino Blog » Old keyboard turned into a new children’s learning toy

    Peter Turczak’s toddler son loves “technical stuff,” especially things like keyboards and computers that adults use. After discussing this with other likeminded technical parents, the idea of giving new life to an old (PS/2 or AT) keyboard as a teaching tool was hatched.

  • SiFive Helping To Teach Kids Programming With RISC-V HiFive Inventor Coding Kit

    SiFive in cooperation with Tynker and BBC Learning have launched a Doctor Who themed HiFive Inventor Coding Kit. This Initial HiFive Inventor Coding Kit is intended to help kids as young as seven years of age get involved with computer programming through a variety of fun exercises and challenges involving the RISC-V powered mini computer and related peripherals like LED lighting and speaker control. [...] So for those looking to get their kids involved with computer programming and looking for an IoT-type device with some fun sensors and various themed exercises to get them experimenting, the HiFive Inventor Coding Kit is worth looking into further. More details on the programming platform can be found via Tynker.com and on the hardware at HiFiveInventor.com. The HiFive Inventor Kit is available from Amazon.com and other Internet retailers for $75 USD.

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).

  • About CVE-2020-27348

    Well this is a doozey. Made public a while back was a security vulnerability in many Snap Packages and the Snapcraft tool used to create them. Specifically, this is the vulnerability identified as CVE-2020-27348. It unfortunately affects many many snap packages… [...] The problem arises when the LD_LIBRARY_PATH includes an empty element in its list. When the Dynamic Linker sees an empty element it will look in the current working directory of the process. So if we construct our search paths with an accidental empty element the application inside our Snap Package could be caused to load a shared library from outside the Snap Package’s shipped files. This can lead to an arbitrary code execution. It has been common to put a definition of the LD_LIBRARY_PATH variable into a Snap Package’s snapcraft.yaml that references a predefined $LD_LIBRARY_PATH as if to extend it. Unfortunately, despite this being common, it was poorly understood that SnapD ensures that the $LD_LIBRARY_PATH is unset when starting a Snap Package’s applications. What that means is that where the author tried to extend the variable they have inadvertantly inserted the bad empty element. The empty element appears because $LD_LIBRARY_PATH is unset so the shell will expand it to an empty string.

  • Wait, What? Kids Found A Security Flaw in Linux Mint By Mashing Keys!

    Security flaws can be incredibly stupid and dangerous. Of course, I’m not judging anyone, we are humans after all. But this little incident is quite funny.

Audiocasts/Shows: Blender 2.91, Server Security, Linux in the Ham Shack and More